VLAN confusion
- 
 @coliver said in VLAN confusion: @dave247 Sounds like your company has made a decision already. The CIO has failed at one of the most basic life skills... "Never take advice from a sales person." Yes, I am aware of this *sigh* but I can only do so much. I don't want to get into the details of my work dynamic with my boss and all that, and long story short, I have to do what he says as I am the only sysadmin/low man on the totem pole. 
- 
 @dave247 said in VLAN confusion: Also, my CIO is adamant about keeping the voice traffic segregated for "security reasons" as it will satisfy an item on one of our various IT audits (we are a financial institution that has a lot of audits). That's fine IF he can prove that the audit is legit (normally they are fake) and find some regulation that the auditor is following. I'm not aware of any here, so he'd need to produce this. This sounds like collusion to me. If this was an actual security concern, VLANs aren't an option, you have to encrypt the voice traffic. If someone is suggesting a VLAN to meet this audit requirement, something inappropriate is going on. No regulation makes you put in VLANs. 
- 
 @dave247 said in VLAN confusion: How can I convince my boss and Cisco that we can keep the phones and the computers/servers on the same network and VLAN? You don't. Neither of them care about what is good for the company. These are your enemies. You don't convince the enemy to stop attacking you. You get your forces to barricade your castle to keep it safe. You don't let the enemies in and then ask them not to sack and pillage once inside. 
- 
 @dave247 said in VLAN confusion: .... (we are a financial institution that has a lot of audits). Go to the CEO and express concerns about the security of the department as it appears that your CIO is in collusion with a company looking to take advantage of you. If this was a Wall St. firm, you'd be legally required to do this under SEC regulations. As you are not SEC covered but just a "bank" I assume, this is just an ethical thing, not a legal one. 
- 
 @scottalanmiller said in VLAN confusion: @dave247 said in VLAN confusion: Also, my CIO is adamant about keeping the voice traffic segregated for "security reasons" as it will satisfy an item on one of our various IT audits (we are a financial institution that has a lot of audits). That's fine IF he can prove that the audit is legit (normally they are fake) and find some regulation that the auditor is following. I'm not aware of any here, so he'd need to produce this. This sounds like collusion to me. If this was an actual security concern, VLANs aren't an option, you have to encrypt the voice traffic. If someone is suggesting a VLAN to meet this audit requirement, something inappropriate is going on. No regulation makes you put in VLANs. Good point. I will ask for the specific audit request on this and find out more. 
- 
 @dave247 said in VLAN confusion: I may end up just having to follow orders and let my company "waste" a lot of money on this stuff, but I would be willing to make the case for a smarter setup. Is management aware that the CIO is selling out the company and claims a security requirement but then is bypassing it to shuffle money to someone? You have a pretty clear sign that money is going to exchange hands based on some pretty unscrupulous foundations from your description. 
- 
 @dave247 said in VLAN confusion: @coliver said in VLAN confusion: @dave247 Sounds like your company has made a decision already. The CIO has failed at one of the most basic life skills... "Never take advice from a sales person." Yes, I am aware of this *sigh* but I can only do so much. I don't want to get into the details of my work dynamic with my boss and all that, and long story short, I have to do what he says as I am the only sysadmin/low man on the totem pole. Then you're done. The company has made a decision and it's your job to implement and support it. Not your monkey not your circus as far as the purchasing decisions go. 
- 
 @coliver said in VLAN confusion: @dave247 Sounds like your company has made a decision already. The CIO has failed at one of the most basic life skills... "Never take advice from a sales person." Yes, he has failed at adulting or, far more likely being that he has made it to CIO level, at ethics. The most likely scenario is that there are direct kickbacks going on. 
- 
 @dave247 said in VLAN confusion: @coliver said in VLAN confusion: @dave247 Sounds like your company has made a decision already. The CIO has failed at one of the most basic life skills... "Never take advice from a sales person." Yes, I am aware of this *sigh* but I can only do so much. I don't want to get into the details of my work dynamic with my boss and all that, and long story short, I have to do what he says as I am the only sysadmin/low man on the totem pole. In a healthy company, that statement should get you in trouble - because knowing that you have a security / ethics breach and a rogue actor putting the company at risk should be something that the company doesn't just allow you to expose, but requires you to expose. Does the CEO really not want to know that he has a CIO abusing the company for personal reasons? 
- 
 @scottalanmiller said in VLAN confusion: @dave247 said in VLAN confusion: They've mentioned setting up a VLAN for the phone system and setting up a voice router for it. Of course he has, your CIO decided on this path when he brought in a Cisco networking salesman to screw the company. That decision was made ahead of time. Cisco uses their phones as a leader to get companies to buy inappropriate networking equipment. This is a completely "by the book" unscrupulous sales tactic for VoIP sales people. Well we are probably going to go with them and I might not have much of a say... so it's going to be difficult for me to try to pressure these people to install a system in a way different than how they usually do it. Is there any material I can reference to "prove" that VLANs are not needed and that voice and data are fine on the same network? Actually, now that I think of it, our current voice and data are on the same network and we have no issues. Also, regarding QoS, didn't you mention something about having the QoS set up on the VoIP RTP service rather than the voice VLAN? 
- 
 @coliver said in VLAN confusion: @dave247 said in VLAN confusion: @coliver said in VLAN confusion: @dave247 Sounds like your company has made a decision already. The CIO has failed at one of the most basic life skills... "Never take advice from a sales person." Yes, I am aware of this *sigh* but I can only do so much. I don't want to get into the details of my work dynamic with my boss and all that, and long story short, I have to do what he says as I am the only sysadmin/low man on the totem pole. Then you're done. The company has made a decision and it's your job to implement and support it. Not your monkey not your circus as far as the purchasing decisions go. Depends. In a healthy business of any type, anyone in IT knowing that there is something unethical going on and a breach (a rogue CIO using the company for personal gain or putting it at risk for fun is a serious breach) is in a position of "mandatory reporter." The business trusts its staff to report things like this, how else does it find out? 
- 
 @dave247 said in VLAN confusion: Didn't you mention something about having the QoS set up on the VoIP RTP service rather than the voice VLAN? That is the only way to actually force the voice service to get QoS. Otherwise everything on the VLAN is getting the same high priority. Granted there should not be much else on there, but it is not technically providing QoS to the VOICE traffic. 
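
Added example, not part of the thread: a small model of the difference described in the post above, comparing a policy that prioritises everything on the voice VLAN with one that prioritises only packets recognised as RTP. The VLAN IDs, packet records and the header heuristic are constructed assumptions, not any vendor's classifier.

```python
import struct

DSCP_EF, DSCP_BE = 46, 0   # Expedited Forwarding vs. best effort
VOICE_VLAN = 20            # assumed VLAN ID for the phones

def rtp_header(pt, seq=1, ts=160, ssrc=0x1234):
    """Build a 12-byte RTP header (RFC 3550): V=2, no padding/extension/CSRC."""
    return struct.pack("!BBHII", 0x80, pt & 0x7F, seq, ts, ssrc)

def looks_like_rtp(payload):
    """Heuristic match: version field is 2 and payload type is not an RTCP type."""
    if len(payload) < 12:
        return False
    version = payload[0] >> 6
    pt = payload[1] & 0x7F
    # Payload types 72-76 collide with RTCP packet types 200-204 (RFC 5761).
    return version == 2 and not 72 <= pt <= 76

def mark_by_vlan(pkt):
    """VLAN policy: anything on the voice VLAN is treated as voice."""
    return DSCP_EF if pkt["vlan"] == VOICE_VLAN else DSCP_BE

def mark_by_service(pkt):
    """Service policy: only UDP packets that look like RTP are treated as voice."""
    is_voice = pkt["proto"] == "udp" and looks_like_rtp(pkt["payload"])
    return DSCP_EF if is_voice else DSCP_BE

# Constructed sample traffic (not captured from a real network).
PACKETS = {
    "desk phone RTP": {"vlan": 20, "proto": "udp",
                       "payload": rtp_header(0) + bytes(160)},
    "phone TFTP config fetch": {"vlan": 20, "proto": "udp",
                                "payload": b"\x00\x01config.xml\x00octet\x00"},
    "phone HTTP firmware pull": {"vlan": 20, "proto": "tcp",
                                 "payload": b"GET /firmware.bin HTTP/1.1\r\n"},
    "softphone RTP on data VLAN": {"vlan": 10, "proto": "udp",
                                   "payload": rtp_header(8) + bytes(160)},
}

def compare():
    """Return {name: (dscp_under_vlan_policy, dscp_under_service_policy)}."""
    return {name: (mark_by_vlan(p), mark_by_service(p))
            for name, p in PACKETS.items()}

if __name__ == "__main__":
    for name, (by_vlan, by_service) in compare().items():
        print(f"{name:28s} vlan-policy={by_vlan:2d} service-policy={by_service:2d}")
```
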
- 
 @dave247 said in VLAN confusion: @scottalanmiller said in VLAN confusion: @dave247 said in VLAN confusion: They've mentioned setting up a VLAN for the phone system and setting up a voice router for it. Of course he has, your CIO decided on this path when he brought in a Cisco networking salesman to screw the company. That decision was made ahead of time. Cisco uses their phones as a leader to get companies to buy inappropriate networking equipment. This is a completely "by the book" unscrupulous sales tactic for VoIP sales people. Well we are probably going to go with them and I might not have much of a say... so it's going to be difficult for me to try to pressure these people to install a system in a way different than how they usually do it. Is there any material I can reference to "prove" that VLANs are not needed and that voice and data are fine on the same network? Actually, now that I think of it, our current voice and data are on the same network and we have no issues. Also, regarding QoS, didn't you mention something about having the QoS set up on the VoIP RTP service rather than the voice VLAN? Things to take to your CEO (I'd honestly share this thread with him and tell him that I'm local, have an SEC background, have worked with Ray Dalio, have been in the biggest banks and hedges in the world, and will happily stop by to discuss financial ethics and rogue actors issues with him to explain the problem being perceived) would include...
 https://www.smbitjournal.com/2011/07/never-get-advice-from-a-reseller-or-vendor/
 https://www.smbitjournal.com/2016/06/buyers-and-sellers-agents-in-it/
 https://www.smbitjournal.com/2017/07/the-social-contract-of-sales/
 And... 
- 
 @scottalanmiller said in VLAN confusion: @coliver said in VLAN confusion: @dave247 Sounds like your company has made a decision already. The CIO has failed at one of the most basic life skills... "Never take advice from a sales person." Yes, he has failed at adulting or, far more likely being that he has made it to CIO level, at ethics. The most likely scenario is that there are direct kickbacks going on. Yes, I've heard a lot of this from you through previous posts on the S****works forums and I hear where you are coming from and get that you probably have a lot of reasons to make that assumption. People are insanely corrupt. That being said, from my impression of everyone that I work with at my company (which is a local family owned business, not a corporation) is that everyone here is pretty nice and trusting. So I think if there is any failure on the part of my CIO, it's that he's not very knowledgeable with the current IT industry and he's very trusting in people. I know you might then reply with the question of why he's a CIO at all.. he is mainly involved with high level policy and procedure for several of our departments and helps ensure that we meet regulation and pass audits, and he has very good business acumen, but as I said, he's a bit behind in the world of IT these days, regarding the technical/hands-on stuff. 
- 
 @dave247 said in VLAN confusion: That being said, from my impression of everyone that I work with at my company (which is a local family owned business, not a corporation) is that everyone here is pretty nice and trusting. That's exactly the kinds of businesses I see have this happen to them all of the time. I've seen small family businesses have everything stolen from them by a family "friend" that even took his vacations with them! If the CIO legitimately wants to protect the business, he'll not just accept but invite a discussion about where there is a huge problem with the interaction here. If he's on the take, he'll not be happy about it. Anyone can make a mistake, how he reacts to it being exposed would tell you if it is a mistake or intentional. 
- 
 @dave247 said in VLAN confusion: So I think if there is any failure on the part of my CIO, it's that he's not very knowledgeable with the current IT industry and he's very trusting in people. No, neither of those things is a possible factor. Literally, impossible. 
- 
 @dave247 said in VLAN confusion: (which is a local family owned business, not a corporation) This should be a red flag I feel like. 
- 
 @dave247 said in VLAN confusion: I know you might then reply with the question of why he's a CIO at all.. he is mainly involved with high level policy and procedure for several of our departments and helps ensure that we meet regulation and pass audits, and he has very good business acumen, but as I said, he's a bit behind in the world of IT these days, regarding the technical/hands-on stuff. That's fine to say. But the issue we have here is that he is failing at business acumen. That is the sole issue. His technical competence was never mentioned. That he needs help technically is clear. But what you are missing is that we are only discussing his business competence or ethics, and that is the failing. If you believe he's a skilled businessman, that tells us that you then must believe that he is a crook. Because this is insanely basic business stuff that he's doing wrong in the standard, unethical way that someone on the take does. 
- 
 @dave247 said in VLAN confusion: ... but as I said, he's a bit behind in the world of IT these days, regarding the technical/hands-on stuff. Why do you think that this matters? The issues are...
- Turning to a salesman for advice.
- Listening to someone paid to act against the company.
- Not doing due diligence.
- Avoiding the most basic business rules for acting ethically.
 In the issue above, none are affected, in any way, by technical knowledge. Someone who has never even heard of computers would have no issues avoiding the problems here. 
- 
 @scottalanmiller said in VLAN confusion: @dave247 said in VLAN confusion: @coliver said in VLAN confusion: @dave247 Sounds like your company has made a decision already. The CIO has failed at one of the most basic life skills... "Never take advice from a sales person." Yes, I am aware of this *sigh* but I can only do so much. I don't want to get into the details of my work dynamic with my boss and all that, and long story short, I have to do what he says as I am the only sysadmin/low man on the totem pole. In a healthy company, that statement should get you in trouble - because knowing that you have a security / ethics breach and a rogue actor putting the company at risk should be something that the company doesn't just allow you to expose, but requires you to expose. Does the CEO really not want to know that he has a CIO abusing the company for personal reasons? It's comments like this that make this hard to accept. It's not that it's not possible - but how do you know his CIO is abusing the company for personal reasons? It's every bit more likely that he's simply failing at his job of researching a good solution - and that no reasons other than laziness are really involved here. 




